Security Bulletin 15-0007-001: Possible HTTP Redirect vulnerability in MiCC installations


Article ID: 52333 - Last Review: September 28, 2015

OVERVIEW

This security bulletin provides product-specific details on the vulnerability described in Mitel Security Advisory 15-0007. Visit http://www.mitel.com/security-advisories for more details.


During installation, MiCC does not harden the Microsoft IIS configuration, which inadvertently introduces two vulnerabilities into CcmWeb. If successfully exploited, an attacker could read files or perform HTTP redirects.

 

APPLICABLE PRODUCTS

Product Name        Versions Affected   Solutions Available
MiContact Center    7.X and earlier     Yes - See Mitigation/Workaround



RISK / EXPOSURE

CcmWeb allows read access to any file on the install drive using specially formulated URLs.

  • CVSS V2.0 OVERALL SCORE: 5
  • CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:N
  • CVSS BASE SCORE: 5
  • CVSS TEMPORAL SCORE: Not defined
  • CVSS ENVIRONMENTAL SCORE: Not defined
  • OVERALL RISK LEVEL: Low

CcmWeb open redirect security issue

  • CVSS V2.0 OVERALL SCORE: 5
  • CVSS V2.0 VECTOR: AV:N/AC:L/Au:N/C:P/I:N/A:N
  • CVSS BASE SCORE: 5
  • CVSS TEMPORAL SCORE: Not defined
  • CVSS ENVIRONMENTAL SCORE: Not defined
  • OVERALL RISK LEVEL: Low

 

MITIGATION / WORKAROUND

Both procedures require that the IIS URL Rewrite module is installed. For more information, visit http://www.iis.net/downloads/microsoft/url-rewrite.

How to block relative paths
The following procedure sets up IIS request filters to block relative paths in query strings in CcmWeb:

  1. IIS config->Default Web Site->CcmWeb->URL Rewrite
  2. Add rule->Request blocking.
  3. Block based on query string.
  4. Pattern = *..*

How to block redirecturl query strings
The following procedure configures IIS to block redirecturl query strings in CcmWeb:

  1. IIS config->Default Web Site->CcmWeb->URL Rewrite
  2. Add rule->Request blocking.
  3. Block based on query string.
  4. Pattern = *redirecturl*
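Both procedures above drive the URL Rewrite "Request blocking" template in IIS Manager, which writes its rules into the web.config of the CcmWeb application. The following is an added example of what that web.config fragment looks like with both rules in place; it is not taken from the bulletin or from Mitel's installer. The rule names, the 403 custom response, and the status text are assumptions chosen for illustration; the two query-string patterns are the ones given in the procedures.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule 1 (first procedure): reject any request to CcmWeb whose
             query string contains "..", i.e. a relative path segment that
             could be used to reach files outside the web root. -->
        <rule name="Block relative paths in query string"
              patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <!-- Wildcard syntax: "*" matches any text, "." is literal. -->
            <add input="{QUERY_STRING}" pattern="*..*" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Request blocked by URL Rewrite rule" />
        </rule>
        <!-- Rule 2 (second procedure): reject any request whose query string
             carries a redirecturl parameter, so the open redirect cannot be
             triggered from the query string. -->
        <rule name="Block redirecturl query string"
              patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{QUERY_STRING}" pattern="*redirecturl*" />
          </conditions>
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="Request blocked by URL Rewrite rule" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Two points worth checking after the rules are in place: condition matching in URL Rewrite is case-insensitive by default (ignoreCase is true unless set otherwise), so REDIRECTURL is caught as well as redirecturl; and because the condition operates on the query string as a literal string, verify with a test request that the server returns 403 for the forms you expect to block, and review the IIS logs for 403 responses to confirm the rules are being hit rather than bypassed.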

 

PATCH INFORMATION

No patch has been issued for these issues; they will be corrected in the next major release of MiCC.



APPLIES TO

MiCC Version 7.X 

Keywords: 15-0007-001 http redirect security bulletin



Last Modified:Wednesday, November 04, 2015
Last Modified By: AndrewM